Merge remote-tracking branch 'upstream/master'

2020-07-07 14:24:46 +00:00 · 2020-07-07 14:24:46 +00:00 · 92efe1c827
parent 426fe0840b ff576c9752
commit 92efe1c827
4 changed files with 26 additions and 14 deletions
--- a/concepts/configuration/README.md
+++ b/concepts/configuration/README.md
@ -3,10 +3,10 @@ Dapr configurations are settings that enable you to change the behavior of indiv

 An example of a per Dapr sidecar setting is configuring trace settings. An example of a control plane setting is mutual TLS which is a global setting on the Sentry system service.   

- [Self hosted sidecar configuration](#Self-hosted-sidecar-configuration)
- [Kubernetes sidecar configuration](#Kubernetes-sidecar-configuration)
+- [Self hosted sidecar configuration](#self-hosted-sidecar-configuration)
+- [Kubernetes sidecar configuration](#kubernetes-sidecar-configuration)
 - [Sidecar Configuration settings](#sidecar-configuration-settings)
- [Kubernetes control plane configuration](#Kubernetes-control-plane-configuration)
+- [Kubernetes control plane configuration](#kubernetes-control-plane-configuration)
 - [Control plane configuration settings](#control-plane-configuration-settings)

 ## Self hosted sidecar configuration
@ -36,7 +36,7 @@ A Dapr sidecar can apply a specific configuration by using a ```dapr.io/config``
    dapr.io/port: "3000"
    dapr.io/config: "myappconfig"
 ```
-Note: There are more [Kubernetes annotations](../../howto/configure-k8s/readme.md) available to configure the Dapr sidecar on activation by sidecar Injector system service.
+Note: There are more [Kubernetes annotations](../../howto/configure-k8s/README.md) available to configure the Dapr sidecar on activation by sidecar Injector system service.

 ## Sidecar configuration settings

@ -109,7 +109,7 @@ There is a single configuration file called `default` installed with the control

 A Dapr control plane configuration can configure the following settings:

-* [Mutual TLS](../../howto/configure-mtls/readme.md). Also see [security concepts](../security/readme.md) 
+* [Mutual TLS](../../howto/configure-mtls/README.md). Also see [security concepts](../security/README.md) 


 Property | Type | Description
@ -136,5 +136,5 @@ spec:
 ## References
 * [Distributed tracing](../observability/traces.md)
 * [Middleware pipelines](../middleware/README.md)
-* [Security](../security/readme.md) 
-* [How-To: Configuring the Dapr sidecar on Kubernetes](../../howto/configure-k8s/readme.md)
+* [Security](../security/README.md) 
+* [How-To: Configuring the Dapr sidecar on Kubernetes](../../howto/configure-k8s/README.md)
--- a/concepts/observability/README.md
+++ b/concepts/observability/README.md
@ -5,7 +5,7 @@ Observability is a term from control theory. Observability means you can answer
 The observability capabilities enable users to monitor the Dapr system services, their interaction with user applications and understand how these monitored services behave. The observability capabilities are divided into the following areas;

 * **[Metrics](./metrics.md)**: are the series of measured values and counts that are collected and stored over time. Dapr metrics provide monitoring and understanding of the behavior of Dapr system services and user apps. For example, the service metrics between Dapr sidecars and user apps show call latency, traffic failures, error rates of requests etc. Dapr system services metrics show side car injection failures, health of the system services including CPU usage, number of actor placement made etc.  
-* **[Logs](./logs.md)**: are records of events that occur occur that can be used to determine failures or other status. Logs events contain warning, error, info and debug messages produced by Dapr system services. Each log event includes metadata such as message type, hostname, component name, App ID, ip address, etc.
+* **[Logs](./logs.md)**: are records of events that occur and can be used to determine failures or another status. Logs events contain warning, error, info, and debug messages produced by Dapr system services. Each log event includes metadata such as message type, hostname, component name, App ID, ip address, etc.
 * **[Distributed tracing](./traces.md)**: is used to profile and monitor Dapr system services and user apps. Distributed tracing helps pinpoint where failures occur and what causes poor performance. Distributed tracing is particularly well-suited to debugging and monitoring distributed software architectures, such as microservices.

    You can use distributed tracing to help debug and optimize application code. Distributed tracing contains trace spans between the Dapr runtime, Dapr system services, and user apps across process, nodes, network, and security boundaries. It provides a detailed understanding of service invocations (call flows) and service dependencies.
@ -46,4 +46,4 @@ The table below shows the current status of each of the observabilty capabilites
 |---------|---------|----------|----------|-----------|--------|
 |Metrics  | Yes     | Yes      | Yes      | Yes       | Yes    |
 |Tracing  | Yes     | N/A      | N/A      | *Planned* | N/A    |
-|Logs     | Yes     | Yes      | Yes      | Yes       | Yes    |
+|Logs     | Yes     | Yes      | Yes      | Yes       | Yes    |
--- a/concepts/secrets/component-secrets.md
+++ b/concepts/secrets/component-secrets.md
@ -12,19 +12,31 @@ Go to [this](../../howto/setup-secret-store/README.md) link to see all the secre

 ## Non default namespaces

-If your Dapr enabled apps are using components that fetch secrets from non-default namespaces, apply the following resource to the namespace:
+If your Dapr enabled apps are using components that fetch secrets from non-default namespaces, apply the following resources to the namespace:

 ```yaml
-kind: ClusterRoleBinding
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-reader
+  namespace: <NAMESPACE>
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
+---
+
+kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: dapr-secret-reader
+  namespace: <NAMESPACE>
 subjects:
 - kind: ServiceAccount
  name: default
-  namespace: <YOUR-NAMESPACE-HERE>
 roleRef:
-  kind: ClusterRole
+  kind: Role
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io
 ```
--- a/overview/README.md
+++ b/overview/README.md
@ -91,7 +91,7 @@ You can use the [Dapr CLI](https://github.com/dapr/cli#launch-dapr-and-your-app)

 ## Running Dapr in Kubernetes mode

-Dapr can be configured to run on any [Kubernetes cluster](https://github.com/dapr/samples/tree/master/2.hello-kubernetes). In Kubernetes the `dapr-sidecar-injector` and `dapr-operator` services provide first class integration to launch Dapr as a sidecar container in the same pod as the service container and provide notifications of Dapr component updates provisioned into the cluster. 
+Dapr can be configured to run on any [Kubernetes cluster](https://github.com/dapr/samples/tree/master/2.hello-kubernetes). In Kubernetes the `dapr-sidecar-injector` and `dapr-operator` services provide first class integration to launch Dapr as a sidecar container in the same pod as the service container and provide notifications of Dapr component updates provisioned into the cluster. Additionally, the `dapr-sidecar-injector` also injects the environment variables `DAPR_HTTP_PORT` and `DAPR_GRPC_PORT` into **all** the containers in the pod to enable user defined applications to easily communicate with Dapr without hardcoding Dapr port values. 

 The `dapr-sentry` service is a certificate authority that enables mutual TLS between Dapr sidecar instances for secure data encryption. For more information on the `Sentry` service read the [security overview](../concepts/security/README.md#dapr-to-dapr-communication)